pr
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses standard developer tools including git, pnpm, and gh to manage the PR lifecycle. These commands are expected for a PR workflow skill.
- PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection) The skill contains an attack surface where untrusted data (like branch names or file paths) is interpolated into shell commands without explicit sanitization.
  - Ingestion points: {branch-name}, {files}, and {branch} variables used in git commands.
  - Boundary markers: Absent for short variable substitutions; heredocs (cat <<'EOF') are used for longer text blocks, providing some protection against sub-command execution within commit messages.
  - Capability inventory: Provides the ability to execute git commands and GitHub CLI operations, including pushing code and merging PRs.
  - Sanitization: No explicit logic to sanitize or validate the content of interpolated variables.
Audit Metadata